Exchange Online

This document provides information for about creating a Exchange Connector app, which is required for Focus product to connect to customer's Exchange Online accounts.

https://docs.getvisibility.com/scan-with-getvisibility/configure-data-sources/exchange-online#registering-an-azure-appRegistering an Azure App

  • Login to Azure Portal

  • If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu

  • Browse to App Registration and select New registration

  • On the App Registration page enter below information and click Register button

    • Name: (Enter a meaningful application name that will be displayed to users of the app)

    • Supported account types:

      • Select which accounts you would like your application to support. You should see the options similar to below. You can select “Accounts in this organizational directory only”:

      • Leave the Redirect URI as empty and Click Register

  • Note the Application (client) ID, Directory (tenant) ID values

  • Navigate to Manage -> Certificates and secrets on the left menu, to create a new client secret

  • Provide a meaningful description and expiry to the secret, and click on Add

  • Once a client secret is created, note its Value and store it somewhere safe. NOTE: this value cannot be viewed once you leave this page

  • Navigate to Manage -> API permissions on the left menu, and Add a permission

  • Select Microsoft APIs -> Microsoft Graph

  • Select Application permissions

  • Permissions required

    • For scanning

      • Microsoft Graph > Application permissions > Mail > Mail.Read

      • Microsoft Graph > Application permissions > User > User.Read.All

      • Microsoft Graph > Application permissions > DeviceManagementApps > DeviceManagementApps.Read.All

      • Microsoft Graph > Application permissions > MailboxSettings > MailboxSettings.Read

    • For tagging

      • Microsoft Graph > Application permissions > Mail > Mail.ReadWrite

  • Once all the required permissions are added, Grant admin consent to them